Privacy, Data Protection, and Cybersecurity
Maeder Law Office offers legal counsel on privacy, data protection, and cybersecurity-related matters. With data breaches and misuse of personal information frequently in the news, privacy and cybersecurity are top of mind for many businesses. Privacy and cybersecurity issues are involved in a wide range of business operations, from vendor contracts and internal corporate policies and procedures to customer-facing contracts, and more. Our privacy and data protection attorney(s) assists clients with identifying legal risks associated with privacy and data security and development of strategies to reduce risk.
Managing privacy and data security risks requires a strong understanding of client technologies and the collection, use, and disclosure of client data. Ms. Maeder’s underlying subject matter knowledge in information technology and prior business experience in the information technology industry as a computer analyst specializing in developing end-to-end database solutions for customers enable her to quickly understand client technologies and the technical and logistical aspects of data, identify potential legal risks, and develop risk mitigation strategies. Ms. Maeder offers counsel on a number of privacy and data security-related matters.
We provide legal counsel on compliance with privacy and data security laws and regulations, including HIPAA/HITECH, Gramm–Leach–Bliley Act (GLBA), COPPA, and other sector specific laws. Additionally, we provide counsel on Federal Trade Commission (FTC) data privacy issues related to unfair trade practice; for example, if a company’s actions do not comply with its stated privacy policies, the FTC considers this to be an unfair trade practice and can impose fines. We also assist clients with questions about the FTC’s Principles for Online Behavioral Advertising.
Privacy and Data Security Policies and Procedures
We offer assistance to clients with writing and reviewing corporate privacy and data security policies, including HIPAA policies and procedures, website privacy policies, written information security plans (WISPs), and website terms of service that reflect the client’s business practices and are compliant with applicable privacy and data security laws and regulations.
Vendor Contracts Privacy and Data Security Issues
Privacy and data security risks can arise from third-party vendors that handle client data. We review client contracts with third-party vendors to ensure that the contract language calls for the same levels of privacy and data security that the client expects and appropriately address privacy and data security rights, responsibilities, and procedures. Third party vendor contracts that we review include contracts with technology service providers (TSP), outsourcing, cloud computing, and data processor agreements. A few of the contract provisions that we scrutinize include data security clauses, audit, breach notification, and privacy provisions.
We assist clients with global privacy and data security laws and regulations that their operations may be subject to such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the European Union’s General Data Protection Regulation (GDPR).
Health Information Technology (Health IT) Privacy and Data Security
We provide counsel to health IT vendors and customers on the HIPAA privacy and data security implications of business transactions and underlying service agreements involving Health IT, assist with development of HIPAA privacy and security policies and procedures, and review and draft business associate agreements that define the parties’ obligations and permitted and required uses and disclosures of electronic protected health Information (ePHI), including use and disclosure of ePHI for management and administration, data aggregation, and de-identification. For health IT vendor contacts, we offer assistance with incorporating the business associate agreement into the underlying services agreement between the covered entity and business associate.
Other privacy and data security matters that we assist with include:
We invite you to contact us at 860-836-8338 or info@maeder-law to schedule a free consultation with a privacy attorney.